
Monday 29 February 2016

Pi 3

I just bought a Raspberry Pi 3. Because.

It's 50% faster than the Pi 2, which makes it 10 times faster than the Pi 1. I use several Pies for mail servers, DNS servers and the like.

The big thing that the Pi 3 has, is built in wifi and bluetooth. I don't know what I'll be doing with this pi, but I'm sure I'll think of something.

Saturday 27 February 2016

if

When I was a teenager, I discovered science fiction magazines. Astounding (which became Analog) was my favourite, but "if" was a close second, followed by "f & sf". I was able to buy them second hand at the market for sixpence each, and my collection of these was my first owned library.

I learned a lot from these magazines, and they reinforced my love of maths and physics. I remember at my university interview, one of the questions they asked me was the difference between science and superstition. I'd just read an editorial in Analog about this, and I pretty much regurgitated that for them.

When I went to university, there was a science fiction book club; I joined that and systematically read my way through their shelves.

I've just found out that a complete set of "if" is available online. All 187 of them. I've downloaded all of them in pdf format, and I'm putting them on my iPad now (the Kindle isn't really big enough for pdfs).

Friday 26 February 2016

In or out?

It's complicated. Opinions and facts are plentiful, but how do we judge the relevance of these, and weigh them to come to a conclusion?

Some things are indisputable. If we leave the EU, then our laws won't be made by Brussels bureaucrats ... or will they? Even if we leave the EU, we'll still be trading with the EU countries in a big way. So if Brussels says that the Sausage has to contain at least 75% meat, then if you're a British Sausage maker who hopes to export, you'll conform to the regulation. If you're a British winemaker who makes sparkling wine, then if you call it "Champagne" you'll have your trousers sued off you by a bunch of angry French.

If we leave the EU, we won't be bound by the European Convention on Human Rights ... except that this isn't an EU thing, it's something we signed up to voluntarily. And if we were to replace it with a British Convention on Human Rights, I'd think that it will look pretty much the same.

If we leave the EU, we won't have to join the Euro. But equally, we won't have to join it if we stay.

Then there's the migrants issue, which I think looms large in people's minds. If you've read my blog, you know how I feel about this. But would leaving the EU reduce immigration? Maybe it would reduce immigration from European countries, but Pakistan, Bangladesh and India, for example, aren't in the EU, yet we've seen a fair few immigrants from there. The largest contingent is from Ireland - do we really want to "keep out the Irish"? If you look at the top ten countries that provide the immigrants into the UK, none of them are EC countries - except Ireland.

And what about the Brits Abroad? If the reciprocal arrangements close down, a lot of them will come back. They're British citizens, with British passports. 3/4 million of them live in Spain alone! There's well over a million of Brits living in the EC. A lot of the people living retired in Spain are over 60; if they flood back to the UK then you'll see an overstretched NHS.

Does leaving the EU mean that we get to control our own economy? Well, we already control our money supply, our interest rate and our exchange rates are market-driven.
And do you, for one moment, suppose that VAT will be repealed and replaced by the old way of taxing?

People tell me "This country is bursting at the seams." That's twaddle. I go for long bike rides, leaving the car on the bike and getting back six hours later. During that time, I usually don't see a single person, and not many buildings. Or do they mean services, such as the NHS? I went to give a blood sample today; the lady who took my blood wore a headscarf. Without immigration, the NHS would be very short staffed. Or buildings? The Polish plumber (or brickie, or carpenter) is proverbial.

All I can give you is my analysis. As a general rule, larger economic units do better than small ones. Imagine if the USA were 50 different countries, with 50 different legal systems, 50 different currencies and 50 different tariffs and import duties. They wouldn't be the economic powerhouse that they are today.

So my inclination is "remain". I'll listen to the arguments, but I'm not expecting them to be comprehensible or objective.

Immortal a third time

This time as Darius. You don't get the double crossbows, but you get longer Golden Ages. My strategy was to go for Artillery as fast as possible, then use those to conquer pretty much the whole world, finishing off with Stealth Bombers.

A visit to the doctor

After waiting a bit, I saw the doctor. We chatted a bit, and she asked me if I had anything to show her. So I showed her my big toenail; she diagnosed it as a fungal infection, and gave me a prescription. Strangely, that hadn't occurred to me. And I showed her my lump; it's a lipoma, just a lump of congealed fat under the skin. It's not causing me a problem, so we agreed to leave it alone. She took my blood pressure, which is good, and my heart was beating slowly, which is very good. And she wrote me a letter for a blood test.

So this afternoon, I fetched up at Amersham hospital, where a nice lady hardly hurt me at all, driving a needle into the inside of my elbow, and extracting a couple of tubes of blood. They'll test it to check that it really is blood, and if there's a problem they'll tell my doctor who will tell me. But we're not expecting anything.

I also did the bowel cancer test. That's painless, but could be messy. You have to give a tiny sample on each of three days, smear it into an envelope, and put that into an envelope for posting. I've done it a few times now. I think they do it for everyone over a certain age.

The NHS certainly looks after us!

Thursday 25 February 2016

To the doctor

With my latest repeat prescription, I have an invitation to say hello to my doctor. It's a ten minute routine appointment, I don't think she has any portentous news to impart.

I'll give her a list of my minor ailments, tell her what I'm doing to treat them, get advice on the ones I'm not treating, and that should be it. Ten minutes is all I get, so I might as well make it interesting for both of us.

Antivirus product testing

25 years ago, AV product testing was really difficult. You had to assemble a zoo of viruses (and how would you do that?), check that each of them really were viruses (some zoos I saw had a lot of simply rubbish files), then see how many the product detected. And for most serious products, you'd find that the detection rates were between 99% and 100% - not a lot to choose between them. You could also do an "in the wild" test, against viruses that were actually out there, not merely in researchers' collections. And you'd expect that all serious products would score 100%.

Happy days!

It's totally different now - when I started looking at this recently, I couldn't believe how different. Testing is easy. I get sent, via email, dozens of trojans per week (the threat today is trojans, not viruses, although many people lump the two together as "malware").
So it's easy to assemble your zoo; they float in through your front door.

Testing products is easy too. There's VirusTotal, for example, which will show each of your samples to 50 or so products, and tell you which ones flag your specimen.

And the result is embarrassing. Or at least it should be embarrassing. I'm not embarrassed because I haven't had a product for 20 years. But AV vendors should be embarrassed, and the technical people there - well, I don't know how they can show their faces at conferences.

Because when I show a malware file that's just arrived by email to VirusTotal, it typically tells me that 90% of products fail to flag it. Sometimes 100% fail.

Here's one that just arrived a couple of hours ago. I say "one", actually, there were ten of them sent to me so far, each with a different from address.


Subject: CHAPS Remittance Advice (25/02/16)
Parts/Attachments:
   1.1 Shown   ~75 lines  Text (charset: ISO-8859-1)
   1.2   OK    ~61 lines  Text (charset: ISO-8859-1)
   2            47 KB     Application, "CHAPS_remittance_advice_75002891749.doc"
----------------------------------------


Please find attached your remittance advice.

If you do have any queries regarding this remittance advice, please contact:


Threadneedle (Supplier Reference beginning TP)

Tel No: 01330 069 014
Fax No: 02051 969 501
Email: Property-AccountsPayable@threadneedle.co.uk

According to Metadefender and Jotti, Kaspersky flags it as a trojan downloader. Everyone else passes it as clean. According to VirusTotal, everyone (including Kaspersky) passes it as clean.

How can the people selling these products show their faces in public?

So what is protecting my systems?

1) I'm running linux, not Windows. 2) I've disabled the running of macros in my word processor. 3) I'm not stupid enough to load an email attachment unless I'm *sure* that I know who it's from, and it really was from that person.

For most people, 1) isn't an option, and they wouldn't know how to do 2. And I expect that 99.9% of people aren't stupid, but there are *so many* of these malwared emails, and some of them are *really* plausible, and I doubt if the criminals would be sending them out unless it worked at least sometimes.

I can see the problem, of course. The malware is emailed to me and many other people; the AV vendors only get to see it after it was mailed out. They could argue "Well, it's impossible to write a product that will flag these". But it isn't impossible to write a product that will protect users against many of the threats (see my previous blogs for how).

And if it is actually impossible to create a product that gives a useful amount of protection ... then say so, and don't sell snake oil.

Bike maintenance

Yesterday, I was inconvenienced by the fact that I couldn't get into the lower gears (needing to go up hills). So today, bike maintenance.

The problem seemed to be with the gear changer, and also with the cable adjustment. The gear changer wouldn't go into gears 5,6 or 7 (the higher gears). I opened it up, and the cable inside has become a bit frayed, and was fouling. So I got my side cutters, and gave it a bit of a trim, so that after that it could reach all seven gears. Then I readjusted the cable, so that I'd be able to change gear all the way from 1 to 7.

But I'm not sure how long this is going to last, so I went on to Ebay and bought a replacement gear shifter/brake lever, £9.99. Bike bits really are cheap!

Then I oiled the chain (when I see a rusty chain on someone else's bike, I have a strong urge to sneak over and oil it - the Phantom Oiler strikes again!). I checked everything else, and it seemed fine.


Wednesday 24 February 2016

Trundling around Tewin

I was out today near Welwyn Garden City. There were four intertwined loops, so the navigation plan was quite complicated. And the bike didn't help - I couldn't get into a lower gear than fourth. I'll do some maintenance!

A few DNFs, and a total of 39 finds.

The Digswell viaduct was magnificent. I got a picture as a train was traversing it.




Sunday 21 February 2016

Ransomware

I think this is getting more and more common. I've recently read of a couple of organisations who paid the ransom, and they are probably just the tip of a larger iceberg - who would want to admit they've been had? So I want to talk about this a bit.

First, what is ransomware?

It's malware that you unknowingly install on your computer. It encrypts all your data with a two-key cryptosystem. Two keys means that there's one key to encrypt (and you might be able to locate that on the computer) and a different key to decrypt. Knowing one key doesn't help you know the other. So how do you get the decryption key? You pay the criminal. Yuck. How much? A few hundred dollars. Per computer.

It's become so common, that it was the main plotline in a recent episode of an American series "The Good Wife".

So how do you prevent the problem?

Backups are a really good idea, of course they are. Your hard drive will fail, the only question is when. But backups might not protect you from ransomware, because the whole point of backups, is to copy your files from your main computer, onto someplace else. And if those files are encrypted, your backups are too.

So any moderately cunning ransomware, will do the encryption, then silently sit in the background decrypting files on the fly as you call them up, and do that for a few weeks, before telling you you've been got. And delete the decryption key, so you're forced to buy it from the criminal, or say goodbye to your data, because your backups are also encrypted. I don't know if existing ransomware does this, but it is an obvious thing to do.

To avoid ransomware, you have to avoid malware. Antivirus products won't help you here, as you've seen in my blog over the last several months.

Some people suggest user education. This is, sadly, contradicted by experience. Users really don't care about computer security, they don't see it as their problem. And especially if they are running some sort of security software, such as an antivirus - they'll shuffle all responsibility off to that software. "Hey, it wasn't my fault, I was running Splendid Antivirus".

There's two major sources of malware coming in to your system, and a minor third.

The first is email. You can't block all incoming email. You can try to block spam, good idea. But not all malicious emails identify as spam. Again, in previous blogs, I've explained that you should block enclosed zip files (and other archivers), block incoming PDF files, js files and sanitise incoming Word and Excel files. The average incoming malware email is flagged as clean by 90% of antiviruses, so don't expect your antivirus to help with this.

The second is malvertising. Again, I've explained this in blogs; the answer is to block ads using a good ad blocker (I use two, the hosts file and uBlock).

The third (but minor) source is compromised web sites. I've seen this happen a few times. A computer that's used to update the web site is compromised, and that adds javascript to the web site so that when a user accesses that page, the javascript compromises that user's computer. To prevent this, use a javascript blocker (I use Noscript). This means that there's some web sites that you can't access. Well, that forces you to think about whether you really need that site - I find that usually I don't need it.
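
An added example, not code from this blog or from any product it mentions: the attachment rule for incoming email described above (block archives, PDF and js; sanitise Word and Excel), which also applies to the .doc attachments shown in the antivirus-testing post, sketched in Python. The extension lists, function names and sample attachments are assumptions constructed for the illustration, and "sanitise" here is only a routing verdict.

```python
"""Mail attachment policy: block archives, PDF and .js; route Office files to a sanitiser."""
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists are this example's assumptions; the post names only
# "zip files (and other archivers)", PDF, js, Word and Excel.
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".gz", ".tar", ".arj", ".cab"}
BLOCK_EXT = ARCHIVE_EXT | {".pdf", ".js"}
OFFICE_EXT = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm"}

# Leading bytes that identify a format whatever the file is called.
BLOCK_MAGIC = {
    b"%PDF-": "PDF",
    b"Rar!\x1a\x07": "RAR archive",
    b"7z\xbc\xaf\x27\x1c": "7-Zip archive",
    b"\x1f\x8b": "gzip archive",
}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"
RANK = {"pass": 0, "sanitise": 1, "block": 2}


def by_content(data):
    """Verdict from the attachment bytes alone."""
    for magic, name in BLOCK_MAGIC.items():
        if data.startswith(magic):
            return "block", name + " content"
    if data.startswith(OLE2_MAGIC):
        return "sanitise", "OLE2 Office document"
    if data.startswith(ZIP_MAGIC):
        # .docx/.xlsx are ZIP containers, so tell them apart from plain archives.
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "block", "unreadable ZIP"
        if "[Content_Types].xml" in names and any(
                n.startswith(("word/", "xl/")) for n in names):
            macro = any(n.endswith("vbaProject.bin") for n in names)
            return "sanitise", "OOXML document" + (" with VBA project" if macro else "")
        return "block", "ZIP archive"
    return "pass", "no blocked format recognised"


def by_name(filename):
    """Verdict from the declared file name alone."""
    ext = os.path.splitext(filename.lower())[1]
    if ext in BLOCK_EXT:
        return "block", "extension " + ext
    if ext in OFFICE_EXT:
        return "sanitise", "extension " + ext
    return "pass", "extension not listed"


def classify(filename, data):
    """Strictest of the two verdicts wins; on a tie the content reason is reported."""
    return max(by_content(data), by_name(filename), key=lambda v: RANK[v[0]])


def screen_message(raw):
    """Return (filename, verdict, reason) for every attachment of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    rows = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        rows.append((name,) + classify(name, data))
    return rows


def make_ooxml(with_macro):
    """Constructed minimal .docx-style container (not a valid Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


def build_sample():
    """Constructed message carrying harmless stand-in attachments."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Please find attached your remittance advice.")
    plain_zip = io.BytesIO()
    with zipfile.ZipFile(plain_zip, "w") as z:
        z.writestr("invoice.js", "// constructed")
    samples = [
        ("advice.doc", OLE2_MAGIC + b"\x00" * 64),   # legacy Word container
        ("advice.docm", make_ooxml(True)),           # OOXML with a VBA part
        ("notes.txt", plain_zip.getvalue()),         # archive hiding behind .txt
        ("details.doc", b"%PDF-1.4\n"),              # PDF hiding behind .doc
        ("readme.txt", b"hello\n"),
    ]
    for name, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for row in screen_message(build_sample()):
        print(row)
```

Checking the leading bytes as well as the name matters because, as in the emails quoted on this page, attachments arrive typed as generic "Application" data, so the declared type says nothing about what the file really is.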




Immortal

I just won Civilisation V, at the level of Immortal, which is the highest. It isn't easy. Here's how I did it.

1) Choose to be Chinese. That way you get the double-crossbow, which is a very powerful weapon, early in the game.

2) Choose an Earth world. That way, you know the geography.

3) Small. I haven't tried it with larger worlds.

4) You want to be in Africa or America because that way, you won't be attacked by the other players so much. Or maybe at one end of Eurasia.

So step one, spread out in your continent. When you get the double-crossbows, conquer the city-states. And go for as much technology as you can. Get to artillery as soon as you can, because they can stand off and bombard from a distance of three. Use that to invade the next-door continent - meanwhile, keep concentrating on technology. Your objective is stealth bombers, which should get you control of the rest of the world.

You'll need oil, so if your territory doesn't have any, you'll need to invade someone who does. Ditto, later on, aluminium.

Saturday 20 February 2016

Declined!

I tried to buy a case for a Raspberry Pi on Ebay, costing £1.50. It didn't work. On investigation, Paypal told me that my card had been declined!

Eek! I'm in trouble!

My first thought was that this was to do with a recent incident at a petrol station, where I'd filled up, and either I'd got my PIN number wrong three times, or there was something wrong with the keypad. I was tired - nay, exhausted after a day's caching, so it might well have been me. I sorted that out - I couldn't believe how easy that was. Apparently, you go to a cash machine and do a little dance that involves giving the correct number. Of course, I have a strong aversion to using cash machines that might have been compromised with a skimmer reader, so I used one *inside* the bank.

But then I realised - that's a different card.

This was the card I use for Paypal, Amazon and other online stuff. So I phoned my bank.

I very quickly got through to a robot, who took my card number, and transferred me to a human. The human immediately put me on hold, and I was on hold for half an hour. Eventually, she got back to me, and launched into her script as if she hadn't been gone. When that happens to me, I have to stop whatever I'm doing (you think I just sit there listening to the hold music?), take the phone off speaker (you think I'm nestling the phone to my ear?) and switch context to deal with this matter.

So I told her to repeat what she'd just gabbled.

She took me through a couple of security checks (expiry date, amount of a recent purchase) and then we were all set.

She told me that my card was cancelled, because they'd recently sent me a Mastercard to replace the Visa I'd been using. Yes, I remembered that, but I hadn't realised they'd be cancelling the old card. Problem solved - all I have to do is start using the new card. But first, she wanted me to take a survey on customer satisfaction. But first, I wanted to know the reason for the half hour on hold. Apparently her system crashed. "Does that happen a lot?" I asked. No, it doesn't. "When did it last happen?" Wednesday. Which means that it does happen a lot. A customer-facing computer system should not crash. So I did the "customer dissatisfaction survey", giving them a strong blast of "keeping me on hold for half an hour is not conducive to me recommending you to my friends".

Then I went to the Paypal site to give it the new card, and wasted another ten minutes because adding a new card should be simple to do, but the graphics designer who made the page for doing it, didn't realise that not everyone runs their browser full-screen, and the thing that I needed to click on to update the card, was invisible, off to the right of what my browser showed me. Eventually, I realised the problem, and then it was done.


Fettling the mail server

Actually, I have several mail servers. I also use AOL and Gmail. But I don't want to bob about between different user interfaces, and have to log in to various places to do all my mail. So I use fetchmail.

The server that this runs on, is what I call my main mail server. It polls each of the places that I get mail at (and if there's a service like Facebook or Geocaching.com that doesn't allow me to pick up my messages using POP or IMAP, then I don't use it. Tough.)

And my mail server, Sadih, developed a bad sector on the SD card.

This isn't a disaster, it just meant that there was a file that wasn't readable, and it wasn't an important file. But I don't want my main mail server to be failing - one bad sector can be the precursor of many more. So I decided to set up a new main mail server.

I've done this a few times. The first time was when I switched it from a full-sized server to a small computer. The second time was when I switched it to a Raspberry Pi. The third time was when I switched to a Pi 2, and now another switch. The new server will be called Sadii (because there was Sadie, Sadif, Sadig and Sadih, and before that, Zelda).

So first I checked for the latest linux on the Pi, and it's just been updated, a couple of weeks ago. Debian Jessie. So I downloaded that, and splatted it onto a 32 gb SD card. Because I had one.

Then I used apt-get to install all the necessary software, such as samba. And then the software that my despammer uses.

I've talked about my despammer before. I made it myself, and I'd use nothing else. I also configured Alpine (a clone of Pine); the most important part is to sort email by subject header. That helps when I check my spam folder. But Pine does other good stuff; it shows me where a link really goes, not just where the spammer says it goes.

Then the crontabs. One of them, once per minute, checks each of my servers to see if it's reporting that it has any problems. If it can't contact the server, that counts as a problem, of course. So when I look at my "alerts" folder, I can see which servers are complaining. And also, once per minute, a program counts those alerts, and a Raspberry Pi displays that number on a big screen.

The biggest problem I had, was with DNS. There was a time when you set up resolv.conf with the IP address of your DNS server, and that was that. But now there's a thing that creates resolv.conf for you, and overwrites the one I set up. It's called resolvconf, and you deal with this by setting up resolvconf.conf to tell resolvconf what you want to have in resolv.conf. I'm sure there's a good reason for this, but I don't know what it is.

So then I tested the whole thing by emailing one of my AOL accounts, and it worked. Plus, spam is flowing in (and being put into the spam folder).

Job done.

Friday 19 February 2016

Cruising across Croxley

I went out on the bike again today, and was mostly mud-free. I whizzed round a forest, then down a tow path, then across town to get back to the car. Only 28 caches done, though, and a large number of DNFs.

Wednesday 17 February 2016

Nose bleed

A slight nose bleed. Just a few drops, then it stopped. I have a tissue that's somewhat reddened.

I don't know what causes these - I do get them occasionally. High blood pressure is an obvious possibility, but whenever I've had my blood pressure read, it's been reassuringly low. I must have wide veins, or something.

So I decided to look into a blood pressure thing, a sphygmomanometer. You've probably been tested yourself at some time; they wrap your arm up in an inflatable bandage, then they pump up the bandage, take a reading, release the pressure, and take another reading. Not something it's easy to do for yourself, because you obviously can't use both hands to put it on.

It's completely different now, of course.

They're digital. And they cost about a fiver. And they're very easy to use. Ebay.

While I was there, I also got a battery-powered electric toothbrush, because the one I got a couple of months ago is so good. I use a big brush for the main scrub, then a fine brush as a finisher. Because the dentist told me to. Then I use a hand-held interdental brush - apparently, that's very important.

I did lots of stuff at school. I visited the dentist several times - in those days, the cure for anything dental was enthusiastic drilling followed by mercury amalgam filling. Not now, of course. At no point did anyone explain to me about interdental brushing.

And while I'm reporting on health matters, my left wrist, which has been feeling sprained or strained for the last few months, is still gradually improving, to the point where when I went out on the bike yesterday, it didn't hurt at all.

It's great the way I self-repair. Now if I could only grow a few new teeth - I used to be able to do that, but it seems I've forgotten how.

A tempting malware

Date: Wed, 17 Feb 2016 04:46:14 +1100
From: "terry@murraylumbercompany.com" <terry@murraylumbercompany.com>
To: drsollyp@drsolly.com
Subject: RE: drsolly.com hacked?
Parts/Attachments:
   1 Shown      4 lines  Text (charset: ISO-8859-1)
   2          181 KB     Application
----------------------------------------

I just got this swearing email from admin@drsolly.com.
Have you guys been hacked?



    [ Part 2, Application/OCTET-STREAM (Name: "swearing_mess.doc") 181 KB. ]
 

A lot of people would be tempted to open this Doc file to see what this is about. Don't.

You haven't been hacked, it's just an email that says you have. The Doc file is, of course, malware, so if you open it, then, well, you have been hacked!

I'm getting a few of these emails to various of my email addresses.

No mud in Maldon

After my last very muddy trip to Souldrop, I was attracted by a series in Maldon called "No mud!".

I went to the Promenade Park there, and paid an unexpected £6 for an all-day ticket. I got the bike out, loaded it up and set off. Usually, I don't pay for parking - there's no point, because I usually park way outside town and get on the bike. But since I was there, I decided to stay.

My first cache was Boating Lake, where I searched for a long time. Then I found a Christmas bauble, and thought "Aha". But it wasn't the cache. Eventually I gave up.

Then I had a second DNF with "A mendacious challenge"; another half hour spent fruitlessly.

But then things improved, and I wound up with 38 caches, and no mud! When I was at the town centre, I chained up the bike outside a bank, and went in to revive my credit card, which had been barred because I'd put in the wrong PIN number three times (I don't think I did). To get it revived, I had to put it into a cash machine, and I never do that because I have no way of knowing if a random machine has been compromised. But I'm thinking that one that's *inside* the bank's premises is as safe as they can get, so I did it there.

The first machine spat my card back out, with a terse message saying it couldn't handle it. I found a handy bank employee, who took me to another machine and that worked. I have no idea why the first one rejected the card. But now I once again have a working credit card, which means I don't have to carry so much cash around.

I got back to the car at about 4 pm; along the way, ladysolly had phoned me with the solution to a puzzle that was her specialty; the coords were about 20 yards from where I'd parked the car, and the cache was an easy find.

After a late lunch, I drove home, picking up a few final caches before I got back to the motorway. Another good day out, except that, that evening, Alexander the Great slaughtered my forces in Civ V.

Monday 15 February 2016

Sunday 14 February 2016

Another unflagged malware

Date: Sun, 14 Feb 2016 16:26:53 +0200
From: Microsoft Corporation <kedasm@kedachina.com.cn>
Reply-To: dr.mark.loughran@gmail.com
Subject: MCCP:                                              LSZYLXHLMB
Parts/Attachments:
   1 Shown      6 lines  Text (charset: Windows-1251)
   2          199 KB     Application
----------------------------------------

This is an official notification to you by the board of trustees Microsoft Corporate Citizenship, you have
been selected for using Microsoft services, view the attached document for more details.

Dr. Nicola Hodson
General Manager, Marketing & Operations UK
Microsoft Corporation


It's a PDF file. I sent it to Virustotal.com, and all 53 products passed it as clean.

Either they're mistaken, or Microsoft really is emailing me. It was first sent to Virustotal 30 hours ago. Or maybe it's not malware, just a scam? If it's a scam, then sending it as a PDF was pretty silly.

So I opened it (not using Adobe, of course). Apparently, I'm one of seven lucky recipients of £1,864,000, and all I have to do is ...




Saturday 13 February 2016

OLBPre.exe revisited

I found the cause of the occasional reboot of the computer. The power lead was loose!

OLBPre.exe was a backup system that I guess I installed several months ago, I can't remember. Deleting it seems to have stopped the thing that pops up when the computer restarts.

My guess is that it's been like that for a long time, and it was only when the power lead came loose that it became noticeable.

A Christian Nation?

I'm constantly amazed at the veneration that Americans give to a bunch of 250 year-old politicians. 250 years ago, we British 1) allowed slavery, 2) had the death penalty for theft 3) burned witches. We think that we've come a long way since then, and mostly we don't subscribe to the views of 250 years ago.

Yet an almost religious fervour is given to the founding fathers - no, I'm wrong, it *is* religious. There's a set of documents that are, it would seem, inerrant. There's a set of people who were, it seems, inspired by revelation and are quoted as authorities in many debates. And although there have been 27 amendments to the US constitution, it's treated as if it were written in stone (while arguments rage about the meanings of the words). Just like a religion.

It's actually easy. All you have to do is decide amongst yourselves what your laws should be, and enact them. If you want to be a Christian Nation, then you can be, and good luck with that, although the word "Christian" includes many groups (are the Mormons Christian? Scientologists?) and you may have trouble defining what is meant. If you want to be a secular nation, with people's religions their own business, then good luck with that too (and we Europeans would prefer that, we have enough refugees right now without more pouring across the Atlantic).

My guess is that, if a vote were taken, Americans would vote for "secular". But that's just a guess from a non-American.

Friday 12 February 2016

Fettling the bike

When I go over clingy mud, it builds up on the front wheel by the brake, and I have to dig it out now and then. On the back wheel, it builds up in two places - by the brake, and under the rear carrier.

I have to have a rear carrier, because that supports the batteries. But I had a look at it, and I decided that the problem partly is that it's too narrow. So I swapped it for a wider one, now there's a lot more clearance between the struts supporting the carrier and the rear wheel, so the buildup of mud will, I hope, be less of a problem. Or to put it another way, a lot more mud will have to build up before the wheel jams.

I also re-taped the bike control switch, the tape had come a bit loose.

Finally, the cunning electrical connector that connects three batteries in series, passes the current through a 30 amp fuse and a breaker switch, while doing the clever spark-suppression when I connect - one of the wires had got a bit frayed, and it looked like some of the strands had broken. So I fixed that - it's not a big thing, but I'd not want it to come apart when I'm miles from the car. Although I do have a backup :-)

I oiled the chain. I see so many bikes with rusty chains, it makes me feel like walking around with a mask and oilcan and being the Phantom Oiler.

And I changed the container that I put the batteries in - that's to give them a bit of protection in case I fall off the bike, as happens now and then. The batteries I'm using now are slightly wider, so I'm using my ammo can style lunch tin.

Gravitational waves

This is really good news. A whole new way to observe the universe has opened up, and there's no predicting what we might see one day.

For example - we can't see the big bang using light, because the universe was opaque to light for quite a long time. But it wasn't opaque to gravitational radiation.

We know about the big bang, because we can see the cosmic microwave radiation. And we can see that, because we can see microwaves. But before 1940, we couldn't. The ability to see that part of the electromagnetic spectrum opened up radio astronomy, and revolutionised cosmology.

Being able to see gravity waves, is like opening up a whole new spectrum to see by.


Thursday 11 February 2016

Life after Hatley

I went out today, to a ring near Souldrop. The theme of the day was mud. I brought quite a lot of mud home with me, but don't worry, there's plenty left.

It started out well, a nice tarmac surface, then gravel. But then I did a digression to pick up some extras. That started out on gravel, but soon deteriorated into a very soft surface, I could only just bike on it. But after doing three, to get to the next one, I'd have to ride across a field of clingy mud, and my experience tells me that half way across, the bike will seize up totally, and progress will then be a yard at a time, and with great effort. So I turned round, and went back to the Souldrop ring.

Again, at first, I was on gravel. But then I got to the byway, which was really dreadful. The surface was soggy and deeply rutted, so I had to walk the bike mostly, and even that was a great effort. A couple of times I had to stop and unclog the mud out of the bike, because it was stopping the wheels from turning.

Eventually, I got back onto gravel, and then tarmac. I got back to the car a bit after 3pm for lunch, and I picked up a couple of drive-bys on the way home.

38 caches found, 2 DNFs.

OLBPre.exe

I run a Windows XP computer - this is because GSAK, the great geocaching app, only works on Windows. It partly works when I use WINE under Linux, but not entirely. So I have to run a Windows box. I also run Memory Map on it.

Recently, it's been crashing, and when I start it up again, I get a popup about OLBPre.exe. So I googled it.

The general opinion is that it's a trojan, although most of the sites saying so, aren't ones that I'd particularly trust. And I'm certainly not going to download their software and run it.

So I need to do something, I'm not sure exactly what. As a first attempt, I did a global search for OLBPre.exe; it was installed in September 2015, which means it isn't part of the main Windows distribution. So I deleted it. I've also removed the mention of it in the Registry. If that leaves me with a stable computer (i.e., runs GSAK and doesn't keep rebooting), then I'll probably leave it at that.

If that doesn't work, I'll do a fresh install of Windows XP, which is guaranteed to deal with any software problem.


 ... later ...

OLBPre.exe is "MYPCbackup", and there's an icon for that on the desktop, so I think I must have installed it, I don't remember why.

Tuesday 9 February 2016

Medicine testing

Medicines are tested very carefully before they are allowed on to the market. What happens when you don't, was cruelly revealed by the Thalidomide disaster.

Homeopathic medicines should also be thoroughly tested, and not allowed on sale until they have passed the standard tests (in petri dishes, on tissue, on mice, on animals and finally on humans, all double blind).

By the way, "double blind" means that you test the proposed medicine alongside a placebo - in the case of homeopathic medicine, that could be pure water. The patient doesn't know whether they are getting the medicine or the placebo, and neither does the person administering the medicine.

If homeopathic doctors believe that their medicines are effective, then they should be tested for effectiveness and side effects, just like any other medicine, and only allowed on the market if A) they don't give bad side effects and B) they perform better than placebo.

All medicines have to pass this test. Why should homeopathic medicines be exempt?

Monday 8 February 2016

A common scam

From: Stephen D Linett <royrott01@aol.com>
Reply-To: linettworks@aol.com

Subject: HELP

I'm writing this with tears in my eyes, I came down to Istanbul, Turkey for a short vacation.
Unfortunately,I was mugged at the park of the hotel where i stayed,all cash and credit card were stolen
off me but luckily for me i still have my passport with me.

I've been to the the Police here but they're not helping issues at all and my return flight leaves in few
hours from now but I'm having problems settling the hotel bills and the hotel manager won't let me leave
until I settle the bills. Well I really need your financial assistance..

Please let me know if you can help me out and I need you to keep checking your email because it's the
only way I can reach you.

I'm freaked out at the moment

Stephen D. Linett


This is a fairly common scam. The scammer has got control of an email address, and sends this email to everyone on the contacts list.

It goes on to ask you to send money via Western Union, which has the advantage that it can be picked up from anywhere, and is irreversible.


Sunday 7 February 2016

Bounces

It's difficult to notice that something isn't there.

It used to be that, if an email couldn't get to its intended recipient, then it would be "returned to sender". We called this a bounce, and it was useful, because at least you knew that something had gone wrong. Maybe a mis-spelled email address.

But I've just noticed that these days, I get very few bounces. Of course, it may be that I've become really good at not mis-spelling email addresses, but I don't think that's the reason.

It's Joe Job.

Because of the practice of Joe Jobbing, anyone who was the victim of a Joe Job, would get hundreds, thousands or even hundreds of thousands of bounces. Not useful, not at all.
So I think what's happened, is that many people have reconfigured their email system so as to not bounce undeliverable emails - it just fails, and you don't know about it.

The way I handle this, is that I accept all email, but then my despam filter has a list of valid email addresses, and if the email was sent to an address not on that list, then it goes into a "not-for-me" area, which I occasionally look at and delete. So I don't bounce messages.

One side effect of this, is that when something is sent to a huge bcc (blind carbon copy, and I remember when carbon copies really were carbon) then one of my valid email addresses isn't there, and it gets put into "not-for-me". But I'm happy with that, because I doubt if I really want to read something that has been sent to a large number of people.

I'm guessing that lots of ISPs have done something similar, so that if you send an email to a user at that server, and the user doesn't exist, then the email is silently ignored.

Which is good.

Friday 5 February 2016

Server down

My Secure Server has been running rather slowly. I rummaged around a bit, and couldn't see why, so I rebooted it, just on general principles - a reboot sometimes fixes a problem, and it's very easy to do.

This time, it had the opposite effect. The computer wouldn't start up. Time to get busy - very busy.

The secure server is an important computer - it's the one that people use when they give stuff like credit cards to buy things. If there's no secure server, then there's no commerce taking place - bad news. Very bad news.

In fact, that news would be so bad, that I have another one standing by, for just such an eventuality. So I switched the load over to that, and was back in action in minutes. Then I looked at the failed computer.

It's a hard drive problem, and at this point, I don't know exactly what failed. It looks like it can't read the partition sector, but that might just mean it can't read anything. This drive isn't going to be used again. I'm giving it a thorough disk-wipe, and it might appear in a geocache one day.

So with the backup running nicely, it was time to think about another backup. Actually, I had two backup servers for the secure server, because it is just *so* important. I decided to build a new one to replace the one that failed, and at the same time reload the software on backup number 2. And while I was doing this, I documented what I had to do to set it up, so that next time this happens, I can just follow the recipe.

For the hard drive, I'm using a very old 25 gb (that tells you how old it is) IBM drive. Old, but it's been very reliable, as IBM kit often is. For the operating system, it's Red Hat Fedora Core 23 (I started using this before Core 1) which is the latest. I installed the latest OpenSSL crypto software, the latest Apache web server, and so on and so on. And now I have a sparkly new backup server humming quietly (and periodically copying what's on the main secure server) ready to go in case of failure.

And a second backup!

Hatley Heart Attack - the final

I was out yesterday to finish this off. First, I did a loop of 28 caches, that turned into 40 with some extras. Then I did the HHA Final, which was a nice big ammo can, so I put a 2 terabyte hard drive into it. That's a bit of a lucky dip, it might work or it might not. If they were perfect, I wouldn't be dropping them in caches!

Inside the final, I found the coords for the final bonus, so I travelled quite a long way, to a place I'd visited before, to do that. A satisfying end to a great series. The problem is, what do I do after the HHA?

The first series I did yesterday was the Harston Hokey Cokey. At the first cache (number 28, I went round in reverse order), there was a crew tidying up the forest with a portable wood chipper, and they were right on top of the cache! I feared the worst. I explained to them what I was doing there, and they'd heard of the game, and as I wandered around trying to find the cache, they did too. And one of them found it! So I signed the log with my name and theirs.


Wednesday 3 February 2016

Canine, part 2

So I went back today to have my teeth scraped by the dental hygienist, who is the pregnant daughter of my dentist. She said I was good, only one tooth needed real attention, and I know which one that is, so I'll give it an extra scrub in future. That cost me £45; I think that these scrapes aren't NHS. But worth it, to maintain what few teeth I still have. She suggested I come back in a year, by which time she'll be back on the job.

But as she poked and prodded and scraped, she found a loose filling - on the canine that had been giving me a problem! It looks like my dentist hadn't spotted it.

So I'm going back in a couple of weeks to get the filling replaced. It shouldn't be a big deal. I hope.

Here's what could be done about the malware

I was sent four copies of this. When I uploaded it to VirusTotal, 7 out of 53 products flagged it as a javascript trojan.

But one of the emails I got was very interesting.

The subject of three of the emails was: "1/24/2016 10:42:18 AM" (or a similar date and time). The fourth one said "[WARNING: VIRUS REMOVED] 2/2/2016 7:59:52 AM". So I looked at the header.

Received: from ipb4.telenor.se (ipb4.telenor.se [195.54.127.167])       by
 smtprelay-h12.telenor.se (Postfix) with ESMTP id 66690E996D;   Wed,
 3 Feb 2016 08:04:50 +0100 (CET)
X-Sender-Ip: [83.227.178.74]
X-Listener: [smtp.bredband.net]
X-Ironport-Anti-Spam-Filtered: true
X-Ironport-Anti-Spam-Result:
    A2Dr/5mKU7BWPEqy41MoGxsZAQECBwQBAgYBAQEBgVkBAQMCgSAFSodWgXica5R2AQFfgQ8TgxaCYwECYR46Pg8BAQEB
    AQEBBgEBAQFBKxSCHoIyEQozLgoJAQIDKw4CBCsMChoBGgmHC30GAQECrwuPEAiGDokAgmorgQ8BBASUI4JDBwGCeYFj
    Lpcxjj0COAEBAYFpAYIqilUBAQE
X-Ipas-Result:
    A2Dr/5mKU7BWPEqy41MoGxsZAQECBwQBAgYBAQEBgVkBAQMCgSAFSodWgXica5R2AQFfgQ8TgxaCYwECYR46Pg8BAQEB
    AQEBBgEBAQFBKxSCHoIyEQozLgoJAQIDKw4CBCsMChoBGgmHC30GAQECrwuPEAiGDokAgmorgQ8BBASUI4JDBwGCeYFj
    Lpcxjj0COAEBAYFpAYIqilUBAQE
X-Suspected-Spam: Yes
X-Ironport-Av: E=Sophos;i="5.22,384,1449529200";  
    d="js'?zip'48?scan'48,208,217,48";a="174043015"
X-Ironport-Av: E=Sophos;i="5.22,388,1449529200";    v="Mal/DrodZp-A'5'rd";
    d="txt'?js'?zip'48?scan'48,48,217,208";a="174043015"
Subject: [WARNING: VIRUS REMOVED] =?ISO-8859-1?Q?2=2F2=2F2016_7=3A59=3A52_AM?=
Received: from ua-83-227-178-74.cust.bredbandsbolaget.se (HELO
 server.herdevall.se) ([83.227.178.74]) by ipb4.telenor.se with ESMTP;
 02 Feb 2016 07:59:59 +0100
Received: from localhost (localhost [127.0.0.1])        by server.herdevall.se
 (Postfix) with ESMTP id 8BB8725A26CF;  Tue,  2 Feb 2016 07:59:55 +0100
 (CET)
X-Virus-Scanned: amavisd-new at herdevall.se
Received: from server.herdevall.se ([127.0.0.1])        by localhost
 (server.herdevall.se [127.0.0.1]) (amavisd-new, port 10024)    with ESMTP id
 0jsyqQDombg1; Tue,  2 Feb 2016 07:59:55 +0100 (CET)
Received: from xserver.herdevall.se (unknown [196.207.125.196]) by
 server.herdevall.se (Postfix) with ESMTPA id 99ADD25A26B7;     Tue,
 2 Feb 2016 07:59:53 +0100 (CET)
Message-ID: <7EF36DC57E64B760EC095A34D9E9D172@xserver.herdevall.se>
From: "micheline101" <micheline101@herdevall.se>


Yes, I know it's gibberish, but let me explain it to you. Email gets to you via a server a long way away from you. In this case, it came from xserver.herdevall.se. But that server was running a malware scanner (Sophos, version 5.22,384,1449529200), and that scanner spotted the malware (on one of the other emails, where it wasn't removed, VirusTotal said that Sophos was one of the products that spotted it).

So the Sophos product removed the malware before forwarding the email, and put the [WARNING: VIRUS REMOVED] in the subject.
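The header above can also be read by program. This added example (not part of the original post) parses an excerpt of it with Python's standard email module, lists the Received hops in the order the mail travelled, and pulls out the scanner result and the decoded subject; reading the v= field as the detection name is an assumption.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Excerpt of the header quoted above: whitespace tidied, anti-spam blobs left out.
RAW = """\
Received: from ipb4.telenor.se (ipb4.telenor.se [195.54.127.167])
 by smtprelay-h12.telenor.se (Postfix) with ESMTP id 66690E996D;
 Wed, 3 Feb 2016 08:04:50 +0100 (CET)
X-Ironport-Av: E=Sophos;i="5.22,384,1449529200";
 d="js'?zip'48?scan'48,208,217,48";a="174043015"
X-Ironport-Av: E=Sophos;i="5.22,388,1449529200"; v="Mal/DrodZp-A'5'rd";
 d="txt'?js'?zip'48?scan'48,48,217,208";a="174043015"
Subject: [WARNING: VIRUS REMOVED] =?ISO-8859-1?Q?2=2F2=2F2016_7=3A59=3A52_AM?=
Received: from ua-83-227-178-74.cust.bredbandsbolaget.se (HELO
 server.herdevall.se) ([83.227.178.74]) by ipb4.telenor.se with ESMTP;
 02 Feb 2016 07:59:59 +0100
Received: from localhost (localhost [127.0.0.1]) by server.herdevall.se
 (Postfix) with ESMTP id 8BB8725A26CF; Tue, 2 Feb 2016 07:59:55 +0100 (CET)
Received: from server.herdevall.se ([127.0.0.1]) by localhost
 (server.herdevall.se [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id
 0jsyqQDombg1; Tue, 2 Feb 2016 07:59:55 +0100 (CET)
Received: from xserver.herdevall.se (unknown [196.207.125.196]) by
 server.herdevall.se (Postfix) with ESMTPA id 99ADD25A26B7;
 Tue, 2 Feb 2016 07:59:53 +0100 (CET)

"""

def received_path(raw):
    """Hops in travel order: (name the sender gave, receiving host, peer IP)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = re.search(r"from (\S+).*? by (\S+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        if m:
            hops.append((m.group(1), m.group(2), ip.group(1) if ip else None))
    return hops[::-1]    # each server prepends its line, so the oldest is last

def av_verdicts(raw):
    """(engine, detection) per X-Ironport-Av header with a v= field (assumed meaning)."""
    found = []
    for value in message_from_string(raw).get_all("X-Ironport-Av", []):
        flat = " ".join(value.split())
        engine, v = re.search(r"E=(\w+)", flat), re.search(r'v="([^"]*)"', flat)
        if engine and v:
            found.append((engine.group(1), v.group(1)))
    return found

def subject(raw):
    """Subject with the RFC 2047 encoded word decoded."""
    return str(make_header(decode_header(message_from_string(raw)["Subject"])))
```

When reading a chain like this, the name after "from" is whatever the sending machine announced, while the bracketed IP address is what the receiving server recorded for the connection.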

This is more like it! The virus was removed before it was even mailed across the internet. But it's just a start. Here's what I think should happen.

1) More ISPs should be doing something like this, both at source and destination.
2) Any enclosed file that is just a javascript, should be removed. I can't think of a legitimate reason why anyone would email a zipped javascript file.
3) And with a bit of thought, a whole bunch of other categories of malware can be stripped out.
4) For example, any PDF file with the malformation that caused the exploit to trigger should be stripped out.
5) Any Word file or Excel file should have macros stripped out.
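Points 2 and 5 of the list written as an attachment check, added here as an example and not taken from any real mail filter. The sample message and its file names are constructed, and the SCRIPT_EXT list is an assumed block list.

```python
import io
import zipfile
from email.message import EmailMessage

SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf")    # assumed block list

def make_zip(names):
    """Build an in-memory zip with dummy members (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n in names:
            z.writestr(n, "placeholder")
    return buf.getvalue()

def verdict(filename, data):
    """Return 'strip', 'strip-macros' or 'pass' for one attachment."""
    if (filename or "").lower().endswith(SCRIPT_EXT):
        return "strip"                           # bare script attachment
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "pass"                            # not a zip container, not checked here
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist() if not n.endswith("/")]
    # .docx/.xlsx/.docm/.xlsm are zips; their macros live in vbaProject.bin (point 5)
    if any(n.endswith("vbaproject.bin") for n in names):
        return "strip-macros"
    # a zip in which every member is a script (point 2)
    if names and all(n.endswith(SCRIPT_EXT) for n in names):
        return "strip"
    return "pass"

def scan(msg):
    """Map each attachment's file name to its verdict."""
    return {p.get_filename(): verdict(p.get_filename(), p.get_content())
            for p in msg.iter_attachments()}

def sample_message():
    """Constructed message with three attachments to exercise the check."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, members in [
        ("scan_0012.zip", ["scan_0012.js"]),
        ("invoice.docm", ["[Content_Types].xml", "word/document.xml",
                          "word/vbaProject.bin"]),
        ("photos.zip", ["a.jpg", "readme.txt"]),
    ]:
        msg.add_attachment(make_zip(members), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

Older .doc and .xls files are OLE2 containers rather than zips, so this check passes them untouched; looking inside those needs an OLE parser.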


A convenient spam

From: GS Toilet Hire <donotreply@sageone.com>
Subject: GS Toilet Hire - Invoice (SI-523) for £60.00, due on 28/02/2016
Parts/Attachments:
   1.1   OK    ~20 lines  Text
   1.2 Shown   ~22 lines  Text
   2            96 KB     Application
----------------------------------------

Good morning


Thank you for your business - we're pleased to attach your invoice in PDF. 

Please bear in mind that if we are in the area the price is reduced to £15+vat per visit. 

Full details, including payment terms, are included. If you have any questions, please don't hesitate to contact us

Kind regards, Office, GS Toilet HireDirect

Actually, it's a Word document. 50 out of 53 products say that it's clean. I say that it needs to be flushed.


And also:

Subject: Attached Image
Parts/Attachments:
   1          97 KB     Application


Actually, it's an Excel spreadsheet. 49 out of 51 products say it's clean. I say that I really don't understand why people think that antivirus software is useful.

According to VirusTotal, it was first uploaded to them 16 minutes ago. This isn't just zero-day malware, it's zero-hour. The AV companies really don't have a ghost of a chance to intercept it and flag it as malware.

Canine

On Friday evening, my left upper canine started hurting. That's the worst possible time, because the dentist isn't open till Monday.

On Saturday it got worse, and I started self-medicating on Listerine, on the thought that it's an antiseptic, it might do some good on the bacteria in my mouth.

On Sunday it was about the same, on Monday slightly better, but on Monday the dentist is open, so I phoned up. I got an appointment for the next day!

So today, I went to the dentist. The canine had stopped hurting, but I went anyway, because the appointment had been made, and maybe it would flare up again if ignored. The dentist had a good look around inside, wiggled the tooth a bit, and said that there's nothing wrong with it. He thought that I'd probably bruised it by biting too hard - apparently I grind my teeth while asleep.

No work was done, so the visit was free, courtesy of our lovely NHS system. The bad news, though, is that he's retiring. He's been my dentist for 35 years, and he knew the inside of my mouth like the back of his hand. He leaves in July, and although he's a very nice guy, I can't help hoping that I don't see him by then.

But I will, probably. I'm going in tomorrow for a routine "dental hygiene" visit, to be done by his daughter (also in the trade). This just means a bit of a scrape to get off any plaque I've missed.

If you're looking for an NHS dentist, you'd do well to sign up at this practice - they're advertising for more patients right now. Phone 01494 727013.